Microsoft plans to allow Office 365 (opens in new tab) admins to ensure that end users can't override organization-wide policies set up to block active content even with Trusted Documents.
Trusted Documents are files that contain active content such as ActiveX controls, macros, and Dynamic Data Exchange (DDE) functions that don't require user interaction, but still open without displaying a prompt or a warning.
However, such active content also lends itself to being misused by threat actors for malicious purposes. Until now, embedded active content in Trusted Documents enabled the files to bypass the Protected View (opens in new tab) safeguards, but Microsoft is about to change the default setting.
- Take a look at these best alternatives to Microsoft Office (opens in new tab)
- These are the best VPN services for Windows 10 (opens in new tab)
- Here's our choice of the best malware removal (opens in new tab) software on the market
“We are changing the behavior of Office applications to enforce policies that block Active Content (ex. macros, ActiveX, DDE) on Trusted Documents,” announced the company (opens in new tab) in its Microsoft 365 roadmap.
Admins know best
Currently all active content embedded inside Trusted Documents would run unhindered, even if an IT administrator had set a policy to block such content.
“As part of ongoing Office security hardening, the IT administrator’s choice to block Active Content will now always take precedence over end-user set trusted documents,” explains Microsoft.
The change would ensure that if an admins has blocked active content, even Trusted Documents with such content will now open under Protected View, even if a user has enabled such content to run without warnings.
According to the roadmap, Microsoft plans to roll out this new feature to all Microsoft 365 users world-wide, by the end of October 2021.
- Protect your devices with these best antivirus software (opens in new tab)